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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. §' 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment See 37 CFR 1.704(b). 

Status 

1 )03 Responsive to communication(s) filed on 07 March '2007 . 
2a)IEI This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) |EI Claim(s) 1-28 and 31-34 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) E3 Claim(s) 27 and 28 is/are allowed. 

6) E3 Claim(s) 1-26 and 31-34 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Status of Claims 

Claims 1-32 have been presented for examination in this application. In response to the 
last office action, claims 1,2,8-22,31 were amended, claims 29-30 have been canceled, and 
claims 33-34 have been added. As the result, claims 1-28,31-34 are pending in this application. 

Claims 27-28 are allowed. 

Claims 1 -26,3 1 -34 are rejected. 

Applicant's remarks filed 3/7/07 have been fully considered but they are not persuasive. 
Therefore, the rejections from the previous office action are respectfully maintained, with 
changes as needed to address the amendments. 



Claim Rejection 35 USC 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions 
and requirements of this title. 

Claims 8-13, 14-20 rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Claim 8, 14 direct to a security module which is a software/program (see specification's 
paragraph 21, lines 1-2). Therefore, the claimed invention is directed to non-statutory subject 
matter. 



Application/Control Number: 10/764,918 



Page 3 



Art Unit: 2188 

All dependent claims are rejected as having the same deficiencies as the claims they 
depend from. 



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-26,31,32 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Timson et al (6041412) in view of Challener (US Pub 2003/0174842). 

As in claim 1, Timson discloses a method to operating security modules in a computer 
(Timson' s Fig 1 : #2 CPU corresponding to the claim's computer, two security modules (Fig 1 : 
#50, #60, Fig 2: #8, dual secure data modules, column 8, lines 48-65) attaching locally to the 
computer. Timson does not disclose the claim's detail acts associating with the security modules, 
However, Challener' 842 describes a method for storing private key of one security in another 
security module using establish standard such as TCP A (Challener' s paragraph 6, lines 1-10) 
comprising the acts of: detecting a second security module in the computer; determining whether 
a key associated with the second security module is available to the first security module 
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(Challener'842's paragraph 28, Fig 3: #54 query whether user's private key is stored on the TCM 
server, Fig 1 : #40 that corresponds to the claim's first security module); and obtaining the key 
associated with the second security module if the key associated with the second security module 
is not stored at the first security module (Challener'842's paragraph 28, server obtains the private 
key from the client's security module, Fig 1 : #54 that corresponds to the claim's second secure 
module, Fig 1: #22; Challener's paragraph 12 discloses that the first security module, TCM 
server Fig 1 : #40, obtaining the private key associating with the second security module, Fig 1 : 
#22, and providing this key information to a client/user. Obviously, if this key has not been 
stored at the first security module, the first security module, server, will obtain it from the 
client's computer and save it for future referencing, in a migrating manner, see Fig 4a, and 
paragraph 32). 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
include the method and associating apparatus for storing private key of one security in another 
security module using establish standard such as TCP A in Timson's system, thereby the private 
key of one security module can be retrieved from another security safely with any computers 
enable with established standard such as TCP A (see Challener's paragraph 8). 

Timson further discloses the modules of card readers 8 and 9 can be easily integrated into 
one integrated unit. That is the integrated unit with logic including both enable module and 
integration module. Thus the integrated unit can retrieve data in a secure module (Fig 1 : #50 
secure module having data to be read, interrogating data, corresponding to the claim's reading 
key) using read logic (i.e reader #8) and storing the data controlled by another secure module 
(Fig 1 : #storing the data using the secure logic associating with the reader #9 and #60, enable 
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module, column 9 lines 1-16). Timson further discloses that the secure modules must be of the 
same type (Timson' s column 2 lines 30-40 discloses the logic associating with enable and 
interrogate modules such that they must be of the same security scheme (corresponding to the 
claim's modules of same type). 

As in claim 2, Challeher further discloses wherein each of the first security module and 
the second security module is a trusted platform module ("TPM") (Challener' 842 's paragraph 26 
describes the server TPM Fig 1 : # 40 including modules conforming to the trusted platform 
module specification (see Challener' 842 5 s paragraph 6); Challener'842 paragraph 12 further 
disclose the TCPA is employed in the second security module, for example Fig 1 : #22). 

As in claim 3, Challener'842 5 s paragraph 28 further describes comprising the act of 
requesting the key from the second security module (claim 3; requesting private key from 
client's system Fig 1 : 3 12). 

As in claim 4, Challener further discloses the act of sending a public key from the first 
security module to the second security module if the key associated with the second security 
module is not stored at the first security module (Challener' 842 's paragraph 28 discloses when 
the user's private key is not stored in the first security module (Fig 1 : #40 TPM server), the 
server Obviously send the public key (public non-migratable key of the server) to the second 
security module which being used to "wrap" the private key, and the second security module 
sends this wrapped information back to the TPM server). 

As in claim 5, Challener further discloses the act of sending a public key along with 
validation information from the first security module to the second security module if the key 
associated with the second security module is not stored at the first security module 
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(Challener' 842' s paragraph 31 discloses for both the requesting and responding messages, 
additional information to validating the messages can be sent along, for example, information 
associating with authorization for the sender of messages) . 

As in claim 6, Challener further discloses the act of storing the key in a memory 
associated with the first security module (Challener' 842 Fig 1 : #48, #50). 

As in claim 7, Challener further discloses the act of defining the key to be a private key 
(Challener'842's paragraphs 24, 27). 

Claims 8,14,21,31 rejected based on the same rationale as in the rejection of claim 1. 

Claims 9,15,22,32 rejected based on the same rationale as in the rejection of claim 2. 

Claims 10,16,23 rejected based on the same rationale as in the rejection of claim 3. 

Claims 11-12,17-1 8,24-25 rejected based on the same rationale as in the rejection of 
claims 4-5 respectively. 

Claim 19 rejected based on the same rationale as in the rejection of claim 6. 

Claims 13,20,26 rejected based on the same rationale as in the rejection of claim 7. 

Claims 33-34 are rejected under 35 U.S.C. 103(a) as being unpatentable over Timson et 
al (6041412), Challener (US Pub 2003/0174842) as applied to claims 1 and 8 respectively, and in 
view of Dickinson et al (US 7187771). 

As in claim 33 Challener discloses comprising the act of accessing data encrypted by the 
second security module using the key associated with the second security module (Challener 
discloses a method in which a first secure module (Fig 1 : #40) can access data encrypted by the 
second security module using the key associated with second security module (Challener's Fig 3: 
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(Challener' s Fig 3: #60-64, paragraph 31, the stored private key (corresponding to the claim's 
data) is encrypted using non-migratable public key (corresponding to the claim's key associating 
with the second security module), and returning the user's private key/data to the client). In other 
words, Challener teaches a method in which a first security module can retrieve a data 
associating with the second security module by using the stored key associated with the second 
security module and presenting the data to the user. Timson and Challener do not expressly 
disclose the aspect of the claim's regarding the failure of the second security module. However, 
Dickinson discloses a method in which important data is controlled by secure/trust module logic 
(see Abstract, Fig 2). Dikinson further discloses that the secure/trust system comprises several 
redundancy engines authenticate engines, trusted engines (see Dickenson's column 5 lines 60-67, 
column 13 line 46 to column 14 line 3, trust engines perform authenticate functions), which . 
control several redundant copy of critical data, such that the failure of one module/one 
component would not affect the overall secure system. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
include the redundant method for storing copies of data controlled by redundant secure/trusted 
modules in Timson' s system modified by Challener and thereby if one of the secure module 
fails, the data can be obtained from the remaining secure modules and other copies of data (see 
Dickinson's column 17 lines 46-61). 

Claim 34 is rejected based on the same rationale as of claim 33. 



Response to Arguments 
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Applicant's arguments in response to the last office action has been fully considered but 
they are not persuasive. Examiner respectfully traverses Applicant's arguments for the following 
reasons: 

A) Regarding Applicant's remarks on pages 10-13 for the rejections of claims 8-20 under 
35U.S.C101, 

Examiner maintains the claims 8 and 14 directs to the security module, which is a 
software/program (see specification's paragraph 21 , lines 1-2). Therefore, the claimed invention 
is directed to non-statutory subject matter. 

All dependent claims are rejected as having the same deficiencies as the claim(s) they 
depend from. 

B) Regarding Applicant's remarks on pages 13-17 for the rejections of claims 1-26,31-32 
under 35 U.S.C. 103(a), 

It's noted that Applicant's remarks on pages 13-14 fails to specifically point out any error 
of the rejections in the previous Office action. 

C) Regarding the remarks on pages 15-18 for the amended limitation "wherein the 
second security module is one of the same type as the first security module. Timson teaches the 
"type" limitation as follows, 

Timson further discloses the modules of card readers 8 and 9 can be easily integrated into 
one integrated unit. That is the integrated unit with logic including both enable module and 
integration module. Thus the integrated unit can retrieve data in a secure module (Fig 1 : #50 
secure module having data to be read, interrogating data, corresponding to the claim's reading 
key) using read logic (i.e reader #8) and storing the data controlled by another secure module 
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(Fig 1: #storing the data using the secure logic associating with the reader #9 and #60, enable 
module, column 9 lines 1-16). Timson further discloses that the secure modules must be of the 
same type (Timson's column 2 lines 30-40 discloses the logic associating with enable and 
interrogate modules such that they must be of the same security scheme (corresponding to the 
claim's modules of same type). 



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 36 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

When responding to the office action, Applicant is advised to provide the examiner with 
the line numbers and page numbers in the application and/or references cited to assist examiner 
to locate the appropriate paragraphs. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Due T. Doan whose telephone number is 571-272-4171. The 
examiner can normally be reached on M-F 8:00 AM 05:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hyung S. Sough can be reached on 571-272-6799. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 




